@ Windbot Forums / Moderation / Hacked / WARNING

[RosseServices]

- Alright, so i'll be kind of short in the writing. First let me be clear about a few point, so there's no place for miss interpretation:




1. I do not blame anyone for what happened here, i do not know what happened and i would just like to find the truth or the explanation.
2. I have nothing personal with the people involved in this thread, they've just done their work i guess, but yes i am pretty pissed about the situation and the way they worked it out.
3. If anyone knows anything about it, please post it on the thread, i'd like to see other moderators input on the subject, i don't want forum wars over here.
4. This is not a rage / complain post, once again, i just want to find out what happened here because it is sketchy as fuck.


----------------------


08/10

I wake and i start browsing forums as i usually do, when i find out my account on windbot forums has been banned. The reason said "Temp ban", honestly this was a total wtf momment for me, so i decided to msg dworak on skype, to find out how i could have possibly been hacked.

-- skype convo removed by dworak (i basically ask him why i got banned he answers, nothing weird)

Until the momments i had 0 words on the matter basically, lol, so i just waited.

-- skype convo removed by dworak (he says to talk with josh)

Alright, it was time to talk with josh.
I have to say it, the way you guys handled this was RIDICULOUS, there's not another word for it. Honestly, since this post here: https://forums.tibiawindbot.com/show...s-is-a-scammer(You can see how everyone i accused in that thread, or anyone that supported that guy was banned a while after, even getting away with scamming people. Great job boys. I started to doubt the way you handle things, but since now i completely lost faith, excepting a few mods that always do the things properly. (You know who you are)

--









What followed then was anapology for my behaviours, sorry again but understand me josh, after that i sent him a few more stuff that i think he believed as bulletproof since they removed the ban.




Just so you can understand why i was so pissed. According to them, X hacked my:

- Paypal
- Bank account
- Skrill
- Email my wb acc is registered too
- All the backup emails to that above email + all the phones it has linked to recover it + this super hacker also ignored all the methods outlook has to protect you.
- My xenobot forums acc
- Moderators of forums accounts
- Darkstar
- Aydin
- My facebook
- My cellphone whatsapp
- He came to argentina to steal my phone aswell
- He had a voice change program with my exact voice
- The chars linked to my tibiacast account
- My vps


There's no way in the world any of you wouldn't be pissed after offering all of those to prove your identity and get rejected. (If i was a moderator and someone offers me 1 of them, ANY of them, it would be more than enough. These are 15 possible ways)

And they claimed that whoever hacked all of the 15 above, he just did it to get unbanned from this account which isn't even idk, lucas terra's acc LOL, and try to scam a few houndred bucks...




Alright, all the drama aside, if i have to continue writing on the subject they'll only be words comming from emotions.


I make this post because i want to know what the fuck happened here. Was there a vulnerability on the forums? Did anyone with higher access permissions hack my account intentionally? I can not find any logical explanation to this, being 100% honest. My password was randomly generated by windbot forums (i had to recover my password with the account lost stuff), none of my other accs on any forums / tibia / nothing at all has been hacked, and that is all the information i have on the subject. I would like to warn everyone , i don't know if your windbot accounts are safe after this, and i would love to hear from anyone who could have an idea about what happened here. The hacker just messed with my acc, he did nothing serious, he sent 2 private msgs and edited my avatar lol, he didn't even try to steal nor anything like that so do not be concerned about it.



Anyhow, sorry about my behaviour and i just ask you not to judge me, its kinda emotional reaction what you can see there.


Any question or information i can provide, feel free to ask.


Yours,
Rosse

[Dolmero]

My password was randomly generated by windbot forums.

Did you get that password in an e-mail?

[RosseServices]

Did you get that password in an e-mail?

Yes sir.

[Josh]

- Paypal
- Bank account
- Skrill
- Email my wb acc is registered too
- All the backup emails to that above email + all the phones it has linked to recover it + this super hacker also ignored all the methods outlook has to protect you.
- My xenobot forums acc
- Moderators of forums accounts
- Darkstar
- Aydin
- My facebook
- My cellphone whatsapp
- He came to argentina to steal my phone aswell
- He had a voice change program with my exact voice
- The chars linked to my tibiacast account
- My vps

Paypal, bank, skrill, xenobot, windbot, facebook accounts would all be captured by email account being compromised which could be done in any number of ways. The email account does have a level of protection on, as you say, but that protection is easily overcome by IP spoofing, tunneling, VPN connections, proxy servers, or even just browsing from a VPS. Unless you have two factor fingerprint authentication (as I do on my Google account), it's impossible to guarantee that only you can access your account.
Havnig backup emails and shit prove nothing, just that whoever I'm talking to has access to the email account right now...
Moderators of forum accounts (including Windbot ones) could be compromised by the Xenobot leak - we are in the process of ensuring that we are not vulnerable to the same exploit though we do not believe that we are.
I tried to contact DarkstaR but he was unresponsive. You were in a rush so eventually I pursued other routes.
Aydin is a moderator on Xenobot, and as such his Skype credentials could have been compromised when his forum ones were. Aside from that, I don't know his Skype so I'd be taking that from you, which would be entirely insecure.
I didn't hear anything about your facebook, but that could easily be taken through recovery to email as above.
WhatsApp can be hacked by session spoofing without great difficulty, though the hacker would need access to some parts of your machine or your network traffic.
Your phone, I guess you're talking about WhatsApp again which as detailed above would not need to be stolen to acquire access to your WhatsApp. Aside from that, you didn't respond to your phone so I assumed it was not you on Skype.
Your voice, well, noone knew what you sounded like before soooooooooo.......................... We're also not going to trust someone on your TeamSpeak server to tell us that you are who you say you are, as we don't know them, they could be some friend of the hacker trying to help the hacker out.
The chars linked to TibiaCast could have been compromised if this were some sort of keylogger style attack, or even through email depending on how much information you store on email accounts.
Your VPS? Really? I don't know how you expect anyone to work out that it is you from seeing that you are connected to a VPS we have never heard of before.

So, to re-iterate, I have thoroughly chased every angle to ensure that your account was not released to a hacker and to minimise the risk of damage to your reputation, our reputation, and most importantly to the community, while ensuring that your customers at least have some information to go on, and a point of contact for if they want to discuss the issue further (in myself). I was pretty satisfied it was you by the WhatsApp stuff, as I know that would not only be difficult but require ongoing deep access to your PC which would be unlikely in these circumstances, but you were still acting incredibly strangely so I wasn't happy until today when I did a few more checks to confirm that you're connecting to both Skype and WindBot forums from the right ISP, location, and with an appropriate IP address.

To clarify: Our primary interest is the protection of the public. If there is any lesson to be learned here it is to trust in the staff and to speak with them reasonably and rationally, like it's just another day. It may not be another normal day, it might be frustrating, shit, whatever, that's not our thing to fix. It's our job to ensure that noone comes to financial harm due to our negligence, and if that means that one persons reputation takes a bit of a hit, then it's something we just have to take in stride. Naturally we're now working on reconciliation to work out who has compromised your account, we already have a few locations to check up on and even a few historical trades to investigate, but this sort of process can be very time consuming so we're treading carefully.

[RosseServices]

What pisses me off josh, is that, as you just posted, you thought somebody would have hacked all of that, for what? Hours and hours spent to get my acc unbanned and get banned right after? + Also the fact that where would be the real me, no posts made to warn people nor anything like that? Well.

Lets avoid forum wars please, we could write until tomorrow, you did your job and im thankful for it, i just want to know what happened.

[Imba]

Sorry, where can i find tl;dr version?

[Josh]

What pisses me off josh, is that, as you just posted, you thought somebody would have hacked all of that, for what? Hours and hours spent to get my acc unbanned and get banned right after? + Also the fact that where would be the real me, no posts made to warn people nor anything like that? Well.

Lets avoid forum wars please, we could write until tomorrow, you did your job and im thankful for it, i just want to know what happened.

I don't know what the hacker was doing on the account, he might have opened a private message containing 100+ rec keys or acc info... If I were a hacker, and I saw that, I'd go to some pretty extreme lengths to try regain access to them so while it might sound unplausible given all he seemed to do was overwrite your threads, it's not hard to imagine a situation where it becomes very plausible very quickly.

Not here for wars, just want to concisely put my point across. I know you have comments and they will be considered, but if anyone else is curious or thinks this was handled badly, we need to know so we can improve in future - the forum staffing is here to support and sustain the community, not to degrade or damage it, and if people think we're doing a bad job, we should try improve.

Sorry, where can i find tl;dr version?

Not sure there is one, but here goes: Rosse Wind account was hacked. I thought he was acting unusually on Skype (though we haven't spoken for a long time). The hacker changed his trade and levelling service threads for some spam, and changed his profile picture to a picture of a penis. We banned the account as a preventative measure, and took somewhere in the region of 36 hours to prove that we had contact with the original Rosse through a wide variety of checks and tests, and to return the account. Dworak thinks he was also hacked but I'm not sure how likely that is (noone seems to have done anything, but he did use same password between Wind and Xeno).

I think that's about it. The thing Rosse is, somewhat understandably, pissed about (and the reason behind this thread) I believe is mostly that it took 36 hours and a wide variety of tests to get the account returned.